Changeset 372
- Timestamp:
- May 26, 2010 9:09:59 PM (14 years ago)
- File:
-
- 1 edited
trunk/lib/Auth_SQL.inc.php
r371 r372 382 382 // Don't return password value. 383 383 unset($user_data['userpass']); 384 $app->logMsg(sprintf('Authentication successful for user %s (%s)', $user_data['user_id'], $username), LOG_INFO, __FILE__, __LINE__);384 $app->logMsg(sprintf('Authentication successful for user_id %s (%s)', $user_data['user_id'], $username), LOG_INFO, __FILE__, __LINE__); 385 385 return $user_data; 386 386 } else { 387 $app->logMsg(sprintf('Authentication failed for user %s (encrypted attempted password: %s)', $username, $this->encryptPassword($password)), LOG_NOTICE, __FILE__, __LINE__);387 $app->logMsg(sprintf('Authentication failed for username %s (encrypted attempted password: %s)', $username, $this->encryptPassword($password)), LOG_NOTICE, __FILE__, __LINE__); 388 388 return false; 389 389 } … … 436 436 if (!empty($user_data['blocked'])) { 437 437 438 $app->logMsg(sprintf('User %s (%s) login failed due to blocked account: %s', $this->get('user_id'), $this->get('username'), $this->get('blocked_reason')), LOG_NOTICE, __FILE__, __LINE__);438 $app->logMsg(sprintf('User_id %s (%s) login failed due to blocked account: %s', $this->get('user_id'), $this->get('username'), $this->get('blocked_reason')), LOG_NOTICE, __FILE__, __LINE__); 439 439 440 440 switch ($user_data['blocked_reason']) { … … 471 471 $this->resetPassword(null, _("This is a security precaution. We have detected this account has been accessed from multiple computers simultaneously. It is against policy to share login information with others. If further account abuse is detected this account will be blocked.")); 472 472 $app->raiseMsg(_("Your password has been reset as a security precaution. 
Please check your email for more information."), MSG_NOTICE, __FILE__, __LINE__); 473 $app->logMsg(sprintf('Account abuse detected for user %s (%s) from IP %s', $this->get('user_id'), $this->get('username'), $this->get('remote_ip')), LOG_WARNING, __FILE__, __LINE__);473 $app->logMsg(sprintf('Account abuse detected for user_id %s (%s) from IP %s', $this->get('user_id'), $this->get('username'), $this->get('remote_ip')), LOG_WARNING, __FILE__, __LINE__); 474 474 } else { 475 475 // Block the account with the reason of account abuse. 476 476 $this->blockAccount(null, 'account abuse'); 477 477 $app->raiseMsg(_("Your account has been blocked as a security precaution. Please contact us for more information."), MSG_NOTICE, __FILE__, __LINE__); 478 $app->logMsg(sprintf('Account blocked for user %s (%s) from IP %s', $this->get('user_id'), $this->get('username'), $this->get('remote_ip')), LOG_ALERT, __FILE__, __LINE__);478 $app->logMsg(sprintf('Account blocked for user_id %s (%s) from IP %s', $this->get('user_id'), $this->get('username'), $this->get('remote_ip')), LOG_ALERT, __FILE__, __LINE__); 479 479 } 480 480 // Increment user's warning level. … … 529 529 $app =& App::getInstance(); 530 530 $db =& DB::getInstance(); 531 531 532 532 $this->initDB(); 533 533 … … 540 540 AND DATE_ADD(last_access_datetime, INTERVAL '" . $this->_params['idle_timeout'] . "' SECOND) > NOW() 541 541 "); 542 return (mysql_num_rows($qid) > 0); 542 $login_status = (mysql_num_rows($qid) > 0); 543 $app->logMsg(sprintf('Returning %s login status for user_id %s', ($login_status ? 'true' : 'false'), $user_id), LOG_DEBUG, __FILE__, __LINE__); 544 return $login_status; 543 545 } 544 546 545 547 // User login test need only be run once per script execution. We cache the result in the session. 
546 548 if ($this->_authentication_tested && isset($_SESSION['_auth_sql'][$this->_ns]['authenticated'])) { 549 $app->logMsg(sprintf('Returning cached authentication status: %s', ($_SESSION['_auth_sql'][$this->_ns]['authenticated'] ? 'true' : 'false')), LOG_DEBUG, __FILE__, __LINE__); 547 550 return $_SESSION['_auth_sql'][$this->_ns]['authenticated']; 548 551 } … … 555 558 if ($trusted_net = ipInRange(getRemoteAddr(), $this->_params['trusted_networks'])) { 556 559 $user_in_trusted_network = true; 557 $app->logMsg(sprintf('User %s accessing from trusted network %s',558 ($this->get('user_id') ? ' ' . $this->get('user_id') . ' (' . $this->get('username') . ')' : ''),560 $app->logMsg(sprintf('User_id %s accessing from trusted network %s', 561 ($this->get('user_id') ? $this->get('user_id') . ' (' . $this->get('username') . ')' : 'unknown'), 559 562 $trusted_net 560 563 ), LOG_DEBUG, __FILE__, __LINE__); 561 564 } else if (preg_match('/proxy.aol.com$/i', getRemoteAddr(true))) { 562 565 $user_in_trusted_network = true; 563 $app->logMsg(sprintf('User %s accessing from trusted network proxy.aol.com',564 ($this->get('user_id') ? ' ' . $this->get('user_id') . ' (' . $this->get('username') . ')' : '')566 $app->logMsg(sprintf('User_id %s accessing from trusted network proxy.aol.com', 567 ($this->get('user_id') ? $this->get('user_id') . ' (' . $this->get('username') . ')' : 'unknown') 565 568 ), LOG_DEBUG, __FILE__, __LINE__); 566 569 } else { … … 572 575 $remote_ip_is_matched = (isset($_SESSION['_auth_sql'][$this->_ns]['remote_ip']) && $_SESSION['_auth_sql'][$this->_ns]['remote_ip'] == getRemoteAddr()) || $user_in_trusted_network; 573 576 } else { 574 $app->logMsg(sprintf('User %s exempt from remote_ip match (comparing %s == %s)',575 ($this->get('user_id') ? ' ' . $this->get('user_id') . ' (' . $this->get('username') . ')' : ''),577 $app->logMsg(sprintf('User_id %s exempt from remote_ip match (comparing %s == %s)', 578 ($this->get('user_id') ? $this->get('user_id') . ' (' . 
$this->get('username') . ')' : 'unknown'), 576 579 $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], 577 580 getRemoteAddr() … … 583 586 if (isset($_SESSION['_auth_sql'][$this->_ns]['authenticated']) 584 587 && true === $_SESSION['_auth_sql'][$this->_ns]['authenticated'] 588 && isset($_SESSION['_auth_sql'][$this->_ns]['username']) 585 589 && !empty($_SESSION['_auth_sql'][$this->_ns]['username']) 590 && isset($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) 586 591 && strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) > time() - $this->_params['login_timeout'] 592 && isset($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) 587 593 && strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > time() - $this->_params['idle_timeout'] 588 594 && $remote_ip_is_matched … … 602 608 return true; 603 609 } else { 604 $app->logMsg(sprintf(' User update failed. Record not found for user%s (%s).', $this->get('user_id'), $this->get('username')), LOG_NOTICE, __FILE__, __LINE__);610 $app->logMsg(sprintf('Session update failed; record not found for user_id %s (%s).', $this->get('user_id'), $this->get('username')), LOG_NOTICE, __FILE__, __LINE__); 605 611 } 606 612 } else if (isset($_SESSION['_auth_sql'][$this->_ns]['authenticated']) && true === $_SESSION['_auth_sql'][$this->_ns]['authenticated']) { … … 617 623 } 618 624 if (strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) <= time() - $this->_params['login_timeout']) { 619 $expire_reasons[] = 'login_timeout expired';625 $expire_reasons[] = sprintf('login_timeout expired (%s older than %s seconds ago)', $_SESSION['_auth_sql'][$this->_ns]['login_datetime'], $this->_params['login_timeout']); 620 626 } 621 627 if (strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) <= time() - $this->_params['idle_timeout']) { 622 $expire_reasons[] = 'idle_timeout expired';628 $expire_reasons[] = sprintf('idle_timeout expired (%s older than %s seconds ago)', 
$_SESSION['_auth_sql'][$this->_ns]['last_access_datetime'], $this->_params['idle_timeout']); 623 629 } 624 630 if ($_SESSION['_auth_sql'][$this->_ns]['remote_ip'] != getRemoteAddr()) { … … 633 639 } 634 640 } 635 $app->logMsg(sprintf('User %s (%s) session expired: %s', $this->get('user_id'), $this->get('username'), join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__); 641 $app->logMsg(sprintf('User_id %s (%s) session expired: %s', $this->get('user_id'), $this->get('username'), join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__); 642 } else { 643 $app->logMsg(sprintf('Session not authenticated: %s', getDump($_SESSION['_auth_sql'][$this->_ns])), LOG_DEBUG, __FILE__, __LINE__); 636 644 } 637 645 … … 917 925 918 926 if (mysql_affected_rows($db->getDBH()) != 1) { 919 $app->logMsg(sprintf('Failed to update password for user %s', $user_id), LOG_WARNING, __FILE__, __LINE__);927 $app->logMsg(sprintf('Failed to update password for user_id %s', $user_id), LOG_WARNING, __FILE__, __LINE__); 920 928 return false; 921 929 } … … 947 955 "); 948 956 if (!$user_data = mysql_fetch_assoc($qid)) { 949 $app->logMsg(sprintf('Reset password failed. User %s not found.', $user_id), LOG_NOTICE, __FILE__, __LINE__);957 $app->logMsg(sprintf('Reset password failed. User_id %s not found.', $user_id), LOG_NOTICE, __FILE__, __LINE__); 950 958 return false; 951 959 } … … 959 967 // Make sure user has an email on record before continuing. 
960 968 if (!isset($user_data['email']) || '' == trim($user_data['email'])) { 961 $app->logMsg(sprintf('Password reset but notification failed, no email address for user %s (%s).', $user_data[$this->_params['db_primary_key']], $user_data[$this->_params['db_username_column']]), LOG_NOTICE, __FILE__, __LINE__);969 $app->logMsg(sprintf('Password reset but notification failed, no email address for user_id %s (%s).', $user_data[$this->_params['db_primary_key']], $user_data[$this->_params['db_username_column']]), LOG_NOTICE, __FILE__, __LINE__); 962 970 } else { 963 971 // Send the new password in an email.
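Review bot: The failure message at new line 387 still writes `$this->encryptPassword($password)` to the log, so every mistyped password leaves a derivative of a near-miss credential in a file that is typically readable by more people than the user table. The reworded line should drop that argument, e.g. `$app->logMsg(sprintf('Authentication failed for username %s', $username), LOG_NOTICE, __FILE__, __LINE__);`. The strength of encryptPassword() is not visible here, but if it is an unsalted or fast hash the logged value can be checked offline against guesses. The same class of problem applies to the `getDump($_SESSION['_auth_sql'][$this->_ns])` call added at new line 643: it copies the whole auth session namespace into the debug log and reads an index that may be unset when no session exists, so logging a fixed set of fields guarded by `isset()` would be safer. The enclosing functions start and end outside the visible hunks.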